CVE-2026-40356 — Out-of-Bounds $1

/MEDIUM /CVSS 5.9/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
National Vulnerability Database vulnerabilitycvemedium-severityout-of-bounds-1cwe-191
CVE-2026-40356 — Out-of-Bounds $1

CVE-2026-40356 — In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly

What This Means For You

  • If your environment is affected by CWE-191, review your exposure and prioritize patching based on your environment. Monitor vendor advisories for CVE-2026-40356 updates and patches.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1207 Vulnerabilities in Authentication Initial Access

🛡️ Detection Rules

2 rules · 6 SIEM formats

2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

critical T1190 Initial Access

MIT Kerberos 5 Integer Underflow Out-of-Bounds Read Attempt — CVE-2026-40356

Sigma YAML — free preview 
title: MIT Kerberos 5 Integer Underflow Out-of-Bounds Read Attempt — CVE-2026-40356
id: scw-2026-04-28-ai-1
status: experimental
level: critical
description: |
  This rule detects potential exploitation attempts against MIT Kerberos 5 (krb5) by monitoring for the execution of krb5-related processes. The vulnerability CVE-2026-40356 involves an integer underflow and out-of-bounds read in the gss_accept_sec_context() function when a NegoEx mechanism is registered. An unauthenticated remote attacker can trigger this, potentially leading to a process termination. Monitoring for krb5 processes is the most direct way to observe potential exploitation given the described mechanism.
author: SCW Feed Engine (AI-generated)
date: 2026-04-28
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-40356/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
    category: process_creation
detection:
  selection:
      Image|contains:
          - 'krb5'
      condition: selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse

✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM →

Indicators of Compromise

IDTypeIndicator
CVE-2026-40356 vulnerability CVE-2026-40356
CWE-191 weakness CWE-191

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedApril 28, 2026 at 10:16 UTC

This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.

Believe this infringes your rights? Submit a takedown request.

Related coverage

D-Link DI-8100 Critical Buffer Overflow Vulnerability (CVE-2026-7248)

CVE-2026-7248 — A vulnerability was found in D-Link DI-8100 16.07.26A1. This affects the function tgfile_htm of the file tgfile.htm of the component CGI Endpoint. The...

vulnerabilityCVEcriticalhigh-severitybuffer-overflowcwe-119cwe-120
/SCW Vulnerability Desk /CRITICAL /9.8 /⚑ 1 IOC /⚙ 2 Sigma

D-Link DI-8100 Buffer Overflow: CVE-2026-7247 Exposes Remote Exploitation Risk

CVE-2026-7247 — A vulnerability has been found in D-Link DI-8100 16.07.26A1. Affected by this issue is the function file_exten_asp of the file file_exten.asp of the...

vulnerabilityCVEhigh-severitybuffer-overflowcwe-119cwe-120
/SCW Vulnerability Desk /HIGH /7.2 /⚑ 1 IOC /⚙ 2 Sigma

CVE-2026-7244: Critical Command Injection Flaw in Totolink Router

CVE-2026-7244 — A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi of the...

vulnerabilityCVEcriticalhigh-severitycommand-injectioncwe-77cwe-78
/SCW Vulnerability Desk /CRITICAL /9.8 /⚑ 5 IOCs /⚙ 2 Sigma